Alexandr Polyakov, an Oracle security expert from Russia (reported findings in CPUJan2008, CPUJul2008 ), has posted details from one of his Oracle 11g findings on the webpage of dsecrg.com.
By using the following PLSQL fragment
exec EXFSYS.DBMS_EXPFIL_DR.GET_EXPRSET_STATS(‚EXFSYS‘,’EXF$VERSION‘,’EXFVER
SION‘,’YYYYYYY“ and 1=EVILPROC()–‚)
it is possible to escalate privileges via SQL Injection. More details (e.g. extract from v$sql) can be found in their advisory.
Other advisories for the January 2009 CPU cover other Oracle Products like BEA Application Server, Oracle E-Business Suite and
- Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability
- Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server
- Oracle BEA Weblogic 10 – Multiple Linked XSS vulnerabilities
- Oracle Application Server (SOA) – Linked XSS vulnerability